From 8f8c0bbc5236e0deedd35595c504e5fd380b1233 Mon Sep 17 00:00:00 2001 From: Henrik Jonsson Date: Tue, 22 Sep 2015 14:51:58 +0200 Subject: [PATCH] Explicitly set uid/gid for postgres/postgres The values 999:999 are identical to the current user/group id assigned in the containers (tested in postgres:9.4, but should be identical for all versions), but this guarantees that those values will remain the same even if the groupadd/useradd commands were moved elsewhere in the Dockerfile, or a new debian:jessie image was pushed. Tested: core@test-1 ~ $ docker run -v $(pwd):/origin --rm -it debian:jessie bash -c 'groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres && mkdir /origin/pg && chown -R postgres:postgres /origin/pg' core@test-1 ~ $ ls -hsal pg/ total 8.0K 4.0K drwxr-xr-x 2 999 999 4.0K Sep 22 12:57 . 4.0K drwxr-xr-x 5 core core 4.0K Sep 22 12:59 .. core@test-1 ~ $ rm -rf pg/ core@test-1 ~ $ docker run -v $(pwd):/origin --rm -it --user=root postgres:9.4 bash -c 'mkdir /origin/pg && chown -R postgres:postgres /origin/pg' core@test-1 ~ $ ls -hsal pg/ total 8.0K 4.0K drwxr-xr-x 2 999 999 4.0K Sep 22 12:59 . 4.0K drwxr-xr-x 5 core core 4.0K Sep 22 12:59 ..
---
9.0/Dockerfile | 4 ++-- 9.1/Dockerfile | 4 ++-- 9.2/Dockerfile | 4 ++-- 9.3/Dockerfile | 4 ++-- 9.4/Dockerfile | 4 ++-- 9.5/Dockerfile | 4 ++-- 6 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/9.0/Dockerfile b/9.0/Dockerfile
index 402d06a64c..7afa3d3833 100644
--- a/9.0/Dockerfile
+++ b/9.0/Dockerfile
@@ -1,8 +1,8 @@
 # vim:set ft=dockerfile:
 FROM debian:jessie
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r postgres && useradd -r -g postgres postgres
+# explicitly set user/group IDs
+RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres
 # grab gosu for easy step-down from root
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
diff --git a/9.1/Dockerfile b/9.1/Dockerfile
index bee13968f9..ad6b698d9d 100644
--- a/9.1/Dockerfile
+++ b/9.1/Dockerfile
@@ -1,8 +1,8 @@
 # vim:set ft=dockerfile:
 FROM debian:jessie
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r postgres && useradd -r -g postgres postgres
+# explicitly set user/group IDs
+RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres
 # grab gosu for easy step-down from root
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
diff --git a/9.2/Dockerfile b/9.2/Dockerfile
index 61bc7afff3..36d58955b3 100644
--- a/9.2/Dockerfile
+++ b/9.2/Dockerfile
@@ -1,8 +1,8 @@
 # vim:set ft=dockerfile:
 FROM debian:jessie
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r postgres && useradd -r -g postgres postgres
+# explicitly set user/group IDs
+RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres
 # grab gosu for easy step-down from root
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
diff --git a/9.3/Dockerfile b/9.3/Dockerfile
index afdb379a60..1f5f1a7848 100644
--- a/9.3/Dockerfile
+++ b/9.3/Dockerfile
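Review bot: The replacement comment above the `groupadd`/`useradd` line states what is done but drops the reason, and the ordering advice in the removed comment still matters. The commit message shows 999 is what a fresh debian:jessie hands to the first system account, so if this `RUN` were later moved below a step that creates another system account, 999 may already be taken and `groupadd --gid=999` would presumably fail the build; that is a safe failure, but the comment should say so. I would write `# explicitly set user/group IDs (999) so ownership of mounted data directories stays stable across rebuilds; keep this before any package installs so 999 is still free`. The same applies to the identical hunks for 9.1 through 9.5; the rest of each Dockerfile is outside the hunk, so whether later steps create system accounts is not visible here.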
@@ -1,8 +1,8 @@
 # vim:set ft=dockerfile:
 FROM debian:jessie
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r postgres && useradd -r -g postgres postgres
+# explicitly set user/group IDs
+RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres
 # grab gosu for easy step-down from root
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
diff --git a/9.4/Dockerfile b/9.4/Dockerfile
index 4031cda3f9..5429bd299f 100644
--- a/9.4/Dockerfile
+++ b/9.4/Dockerfile
@@ -1,8 +1,8 @@
 # vim:set ft=dockerfile:
 FROM debian:jessie
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r postgres && useradd -r -g postgres postgres
+# explicitly set user/group IDs
+RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres
 # grab gosu for easy step-down from root
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4
diff --git a/9.5/Dockerfile b/9.5/Dockerfile
index a11f866ca6..ad7266f74e 100644
--- a/9.5/Dockerfile
+++ b/9.5/Dockerfile
@@ -1,8 +1,8 @@
 # vim:set ft=dockerfile:
 FROM debian:jessie
-# add our user and group first to make sure their IDs get assigned consistently, regardless of whatever dependencies get added
-RUN groupadd -r postgres && useradd -r -g postgres postgres
+# explicitly set user/group IDs
+RUN groupadd -r postgres --gid=999 && useradd -r -g postgres --uid=999 postgres
 # grab gosu for easy step-down from root
 RUN gpg --keyserver pool.sks-keyservers.net --recv-keys B42F6819007F00F88E364FD4036A9C25BF357DD4